The Tallinn Manual is the first attempt to take a detailed look at the law applicable to hostile cyber operations.

Over a decade earlier, the international law community had begun to look at the subject contemporaneously with the development of the first technologies that enabled militaries to conduct offensive cyber operations.

However, the attacks of 9/11 distracted attention from the subject towards such controversial issues as detention, torture, counter-insurgency and cross-border attack authority. Not until the unprecedented cyber operations against Estonia in 2007 and Georgia in 2008 did international lawyers redirect their labours to the law of cyberspace.

The Tallinn Manual is the first attempt to take a detailed look at the law applicable to hostile cyber operations.

Authored by 20 distinguished international law academics and practitioners with the assistance of talented technical experts, the Manual offers a comprehensive and practical examination of both the international law governing the resort to cyber force by states and the international humanitarian law regulating the conduct of cyber warfare.

Reactions to the Tallinn Manual have generally been favorable. This was to be expected, for legal advisors and scholars had no other tool available to assist them in considering the legal issues emanating from cyberspace.

Somewhat paradoxically, the greatest strength of the Manual is that it does not seek to answer every question. In light of the absence of state practice, to do so would have been presumptuous.

Instead, the Manual’s commentary exhaustively catalogs the various interpretations of its 95 broad “rules”. This affords practitioners the discretion in their legal analysis that is indispensable at this nascent stage in the development of the law of cyberspace.

A beginning

It is essential to understand that the Tallinn Manual is but a beginning.

Beyond the differences in interpretation cited in the commentary, the Manual’s authors were unable to agree upon a definitive threshold for an unlawful cyber “use of force” by a state or a related bright line representing a cyber “armed attack” that justified a state in using force in response.

The Tallinn Manual focuses most of its attention on the classic international law addressing the use of force in cyberspace, as well as the rules that apply on the cyber battlefield.

In their view, the law on these subjects had yet to crystallize. Therefore, it will be necessary to carefully monitor state practice over the coming years to provide granularity to the very broad statements of law the Tallinn Manual offers on these and certain other topics.

Indeed, one should expect the international law governing cyberspace to evolve rapidly as it labors to maintain congruency with the international community’s values. The drafters of the Manual made no attempt to try to anticipate what the law might, or should, look like in the future. As these values mature in the context of cyberspace, current understandings of law will develop and new law may emerge.

Finally, the Tallinn Manual focuses most of its attention on the classic international law addressing the use of force in cyberspace, as well as the rules that apply on the cyber battlefield. It only briefly examines the law governing state responses to cyber operations that do not rise to the level of an “armed attack” in the law of self-defense – a topic that constitutes a fertile ground for further legal examination. Indeed, on a day-to-day basis, legal advisors are much more likely to deal with cyber incidents of this sort than those on the high end of the conflict spectrum.

Tallinn 2.0

Hopefully, the Tallinn Manual will not only highlight topics meriting further examination, but also encourage research on the subjects that it did not address. For its part, the NATO Cooperative Cyber Defence Centre of Excellence has launched a follow-on project to explore issues like the obligations of States under public international law and State response options with regard to the low-intensity conflicts in cyberspace.

Titled “Tallinn 2.0”, the project brings together four of the original members of the Tallinn Manual project, as well as legal and technical experts from the Centre. Cambridge University Press will publish the results of their work in the 2015-2016 timeframe.